From 0f93214ee0833beaca167d403ca20ed3b01f6c72 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Mon, 12 Nov 2018 22:59:04 +0530 Subject: [PATCH 01/12] Added Password reset capability. --- .../RegistrationHandlerServlet.java | 78 ++++++++++++++++ .../com/occamlab/te/web/EmailUtility.java | 48 ++++++++++ .../occamlab/te/web/ResetPasswordHandler.java | 92 +++++++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 27 ++++++ .../src/main/webapp/resetPassword.jsp | 68 ++++++++++++++ 5 files changed, 313 insertions(+) create mode 100644 teamengine-web/RegistrationHandlerServlet.java create mode 100644 teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java create mode 100644 teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java create mode 100644 teamengine-web/src/main/webapp/resetPassword.jsp diff --git a/teamengine-web/RegistrationHandlerServlet.java b/teamengine-web/RegistrationHandlerServlet.java new file mode 100644 index 000000000..c0fcad639 --- /dev/null +++ b/teamengine-web/RegistrationHandlerServlet.java @@ -0,0 +1,78 @@ +/**************************************************************************** + + The Original Code is TEAM Engine. + + The Initial Developer of the Original Code is Northrop Grumman Corporation + jointly with The National Technology Alliance. Portions created by + Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop + Grumman Corporation. All Rights Reserved. + + Contributor(s): No additional contributors to date + + ****************************************************************************/ +package com.occamlab.te.web; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import com.occamlab.te.realm.PasswordStorage; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.PrintStream; + +/** + * Handles requests to register new users. + * + */ +public class RegistrationHandlerServlet extends HttpServlet { + + private static final long serialVersionUID = 7428127065308163495L; + + Config conf; + + public void init() throws ServletException { + conf = new Config(); + } + + public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException { + try { + String username = request.getParameter("username"); + String password = request.getParameter("password"); + String hashedPassword = PasswordStorage.createHash(password); + String email = request.getParameter("email"); + String firstName = request.getParameter("firstName"); + String lastName = request.getParameter("lastName"); + String organization = request.getParameter("organization"); + File userDir = new File(conf.getUsersDir(), username); + if (userDir.exists()) { + String url = "register.jsp?error=duplicate&username=" + username; + if (email != null) { + url += "&email=" + email; + } + response.sendRedirect(url); + } else { + userDir.mkdirs(); + File xmlfile = new File(userDir, "user.xml"); + PrintStream out = new PrintStream(new FileOutputStream(xmlfile)); + out.println(""); + out.println(" " + username + ""); + out.println(" "); + out.println(" user"); + out.println(" "); + out.println(" " + hashedPassword + ""); + out.println(" " + email + ""); + out.println(" " + firstName + ""); + out.println(" " + lastName + ""); + out.println(" " + organization + ""); + out.println(""); + out.close(); + response.sendRedirect("registered.jsp"); + } + } catch (Exception e) { + throw new ServletException(e); + } + } +} diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java b/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java new file mode 100644 index 000000000..699f46933 --- /dev/null +++ b/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java @@ -0,0 +1,48 @@ +package com.occamlab.te.web; + +import java.util.Date; +import java.util.Properties; +import java.util.Random; + +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.AddressException; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeMessage; + +public class EmailUtility { + + public static void sendEmail(String host, String portNo, + final String userName, final String pwd, String toAddress, + String subject, String message) throws AddressException, + MessagingException { + + Properties properties = new Properties(); + properties.put("mail.smtp.host", host); + properties.put("mail.smtp.port", portNo); + properties.put("mail.smtp.starttls.enable", "true"); + + Session session = Session.getDefaultInstance(properties); + Message msg = new MimeMessage(session); + try { + msg.setFrom(new InternetAddress(userName)); + InternetAddress[] toAddresses = { new InternetAddress(toAddress) }; + msg.setRecipients(Message.RecipientType.TO, toAddresses); + msg.setSubject(subject); + msg.setSentDate(new Date()); + msg.setText(message); + + Transport.send(msg); + } catch (Exception e) { + throw new RuntimeException("Failed send mail : " + e.getMessage()); + } + } + + public static String getRandomNumberString() { + Random randomNo = new Random(); + int number = randomNo.nextInt(999999); + return String.format("%06d", number); + } +} diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java new file mode 100644 index 000000000..df002328a --- /dev/null +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -0,0 +1,92 @@ +/**************************************************************************** + + The Original Code is TEAM Engine. + + The Initial Developer of the Original Code is Northrop Grumman Corporation + jointly with The National Technology Alliance. Portions created by + Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop + Grumman Corporation. All Rights Reserved. + + Contributor(s): No additional contributors to date + + ****************************************************************************/ +package com.occamlab.te.web; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import java.io.File; + +/** + * Handles requests to register new users. + * + */ +public class ResetPasswordHandler extends HttpServlet { + + private static final long serialVersionUID = 7428127065308163495L; + + Config conf; + private String host; + private String port; + private String user; + private String pass; + private String subject = "Reset your Atlassian password"; + + private String message; + + public void init() throws ServletException { + conf = new Config(); + ServletContext context = getServletContext(); + host = context.getInitParameter("host"); + port = context.getInitParameter("port"); + user = context.getInitParameter("user"); + pass = context.getInitParameter("pass"); + } + + public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException { + try { + String username = request.getParameter("username"); + File userDir = new File(conf.getUsersDir(), username); + if (!userDir.exists()) { + String url = "resetPassword.jsp?error=userNotExists&username=" + username; + response.sendRedirect(url); + } else { + File xmlfile = new File(userDir, "user.xml"); + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + dbf.setExpandEntityReferences(false); + DocumentBuilder db = dbf.newDocumentBuilder(); + Document doc = db.parse(xmlfile); + Element userDetails = (Element) (doc.getElementsByTagName("user") + .item(0)); + NodeList emailList = userDetails.getElementsByTagName("email"); + message = "       

Verification Code:

"; + message += "          Username" + username; + message += "
          Verification code:

" + EmailUtility.getRandomNumberString() + "

"; + message += "

"; + message += "          Regards,"; + message += "
          CITE team
"; + + if (emailList.getLength() > 0) { + EmailUtility.sendEmail(host, port, user, pass, emailList.item(0).getTextContent(), subject, message); + response.sendRedirect("resetPassword.jsp"); + } else { + String url = "resetPassword.jsp?error=emailNotExists&username=" + + username; + response.sendRedirect(url); + } + } + } catch (Exception e) { + throw new ServletException(e); + } + } +} diff --git a/teamengine-web/src/main/webapp/WEB-INF/web.xml b/teamengine-web/src/main/webapp/WEB-INF/web.xml index 36cf53273..979691d1c 100644 --- a/teamengine-web/src/main/webapp/WEB-INF/web.xml +++ b/teamengine-web/src/main/webapp/WEB-INF/web.xml @@ -11,6 +11,25 @@ appVersion ${project.version} + + host + smtp.gmail.com + + + + port + 587 + + + + user + keshav.nangare@gmail.com + + + + pass + keshavn@123 + test com.occamlab.te.web.TestServlet @@ -41,6 +60,10 @@ prettyPrintLogs com.occamlab.te.web.PrettyPrintLogsServlet + + resetPasswordHandler + com.occamlab.te.web.ResetPasswordHandler + emailLog com.occamlab.te.web.EmailLogServlet @@ -100,6 +123,10 @@ registrationHandler /registrationHandler + + resetPasswordHandler + /resetPasswordHandler + logout /logout diff --git a/teamengine-web/src/main/webapp/resetPassword.jsp b/teamengine-web/src/main/webapp/resetPassword.jsp new file mode 100644 index 000000000..e1c77adb7 --- /dev/null +++ b/teamengine-web/src/main/webapp/resetPassword.jsp @@ -0,0 +1,68 @@ +<%@ page language="java" session="false"%> + +<% +String email = request.getParameter("email"); +String username = request.getParameter("username"); +%> + + + + + Reset Password + + + + <%@ include file="header.jsp" %> +

Reset Password

+
+<% +if ("userNotExists".equals(request.getParameter("error"))) { + out.println("The \"" + username + "\" is not registered username. Please try with registered User."); +} else if ("emailNotExists".equals(request.getParameter("error"))) { + out.println("Sorry, email \"" + email + "\" is not registered. Please try with registered email."); + } +%> +
+
+

+ Enter registered username only
+
+ + + + + +
Username :"/>
+ + +
+

+
+ <%@ include file="footer.jsp" %> + + From 5a8e079a3db1dd78b163b3a8d4891af40f79f56f Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Tue, 13 Nov 2018 22:56:08 +0530 Subject: [PATCH 02/12] Added HTML email template and fixed authentication issue. --- .../com/occamlab/te/web/EmailUtility.java | 15 ++++- .../occamlab/te/web/ResetPasswordHandler.java | 55 ++++++++++++++++--- 2 files changed, 59 insertions(+), 11 deletions(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java b/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java index 699f46933..f1d5a4540 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/EmailUtility.java @@ -4,8 +4,10 @@ import java.util.Properties; import java.util.Random; +import javax.mail.Authenticator; import javax.mail.Message; import javax.mail.MessagingException; +import javax.mail.PasswordAuthentication; import javax.mail.Session; import javax.mail.Transport; import javax.mail.internet.AddressException; @@ -22,9 +24,16 @@ public static void sendEmail(String host, String portNo, Properties properties = new Properties(); properties.put("mail.smtp.host", host); properties.put("mail.smtp.port", portNo); + properties.put("mail.smtp.auth", "true"); properties.put("mail.smtp.starttls.enable", "true"); - - Session session = Session.getDefaultInstance(properties); + + Authenticator auth = new Authenticator() { + public PasswordAuthentication getPasswordAuthentication() { + return new PasswordAuthentication(userName, pwd); + } + }; + + Session session = Session.getInstance(properties, auth); Message msg = new MimeMessage(session); try { msg.setFrom(new InternetAddress(userName)); @@ -32,7 +41,7 @@ public static void sendEmail(String host, String portNo, msg.setRecipients(Message.RecipientType.TO, toAddresses); msg.setSubject(subject); msg.setSentDate(new Date()); - msg.setText(message); + msg.setContent(message, "text/html; charset=utf-8"); Transport.send(msg); } catch (Exception e) { diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index df002328a..c9bb076d5 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -39,7 +39,7 @@ public class ResetPasswordHandler extends HttpServlet { private String port; private String user; private String pass; - private String subject = "Reset your Atlassian password"; + private String subject = "Reset your Teamengine password"; private String message; @@ -69,16 +69,55 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr Element userDetails = (Element) (doc.getElementsByTagName("user") .item(0)); NodeList emailList = userDetails.getElementsByTagName("email"); - message = "       

Verification Code:

"; - message += "          Username" + username; - message += "
          Verification code:

" + EmailUtility.getRandomNumberString() + "

"; - message += "

"; - message += "          Regards,"; - message += "
          CITE team
"; + message = String.format("" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + " " + + " " + + "
" + + " " + + " " + + " " + + " " + + "
" + + " " + + " " + + " " + + " " + + "
" + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + " " + + "
Hey %s,
You recently requested to reset your password for your Teamengine account. Use below verfication code to reset your password.
Verification Code : %s
If you did not request a password reset, please ignore this email or contact to CITE team.
Regards,
CITE TEAM
" + + "
" + + "
" + + "
" + + "" + + "" + + username, EmailUtility.getRandomNumberString()); if (emailList.getLength() > 0) { EmailUtility.sendEmail(host, port, user, pass, emailList.item(0).getTextContent(), subject, message); - response.sendRedirect("resetPassword.jsp"); + response.sendRedirect("resetPassword.jsp?success=true"); } else { String url = "resetPassword.jsp?error=emailNotExists&username=" + username; From e654bc0193ae0e330535090b8e8e71a1e3486265 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Wed, 14 Nov 2018 21:42:06 +0530 Subject: [PATCH 03/12] Updated the HTML email template and stored verification code to user.xml --- .../occamlab/te/web/ResetPasswordHandler.java | 82 ++++++++++++++++--- 1 file changed, 69 insertions(+), 13 deletions(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index c9bb076d5..94e081812 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -19,9 +19,15 @@ Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop import javax.servlet.http.HttpServletResponse; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; import java.io.File; @@ -40,8 +46,8 @@ public class ResetPasswordHandler extends HttpServlet { private String user; private String pass; private String subject = "Reset your Teamengine password"; - private String message; + File userDir; public void init() throws ServletException { conf = new Config(); @@ -55,7 +61,7 @@ public void init() throws ServletException { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException { try { String username = request.getParameter("username"); - File userDir = new File(conf.getUsersDir(), username); + userDir = new File(conf.getUsersDir(), username); if (!userDir.exists()) { String url = "resetPassword.jsp?error=userNotExists&username=" + username; response.sendRedirect(url); @@ -69,31 +75,49 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr Element userDetails = (Element) (doc.getElementsByTagName("user") .item(0)); NodeList emailList = userDetails.getElementsByTagName("email"); - message = String.format("" + String vCode = EmailUtility.getRandomNumberString(); + message = "" + "" + "" + "" + "" - + "" - + "" - + "" + + "" + + "" + + "" + + "
" + + " " + + "
" + + " OGC Validator" + + "
" + + "
" + + "
" + "" - + " - + + + + +
" + + " " + " " + " " + " " @@ -143,7 +132,7 @@ public void resetPassowrdHandler(HttpServletRequest request, HttpServletResponse + ""; if (emailList.getLength() > 0) { - updateUserDetails(doc, userDetails, vCode); + saveVerificationCode(doc, userDetails, vCode); EmailUtility.sendEmail(host, port, user, pass, emailList.item(0).getTextContent(), subject, message); response.sendRedirect("updatePassword.jsp?emailStatus=true"); } else { @@ -221,19 +210,30 @@ public void updatePassword(HttpServletRequest request, * @param userDetails * @param verifyCode */ - public void updateUserDetails(Document doc, Element userDetails, + public void saveVerificationCode(Document doc, Element userDetails, String verifyCode) { - NodeList vCodeList = userDetails.getElementsByTagName("verificationCode"); - if (vCodeList.getLength() != 0) { - Element element = (Element) doc.getElementsByTagName("verificationCode") - .item(0); - Node parent = element.getParentNode(); - parent.removeChild(element); - } + //Remove element if exist. + doc = XMLUtils.removeElement(doc, userDetails, "verificationCode"); + + //Update new details to existing document Element verificationCode = doc.createElement("verificationCode"); verificationCode.setTextContent(verifyCode); userDetails.appendChild(verificationCode); XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); } + /** + * Returns the base URL from the current request context. + * @param request + * @return baseUrl + */ + public static String getBaseUrl(HttpServletRequest request) { + String scheme = request.getScheme(); + String host = request.getServerName(); + int port = request.getServerPort(); + String contextPath = request.getContextPath(); + + String baseUrl = scheme + "://" + host + ((("http".equals(scheme) && port == 80) || ("https".equals(scheme) && port == 443)) ? "" : ":" + port) + contextPath; + return baseUrl; +} } diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java index f504cdade..155dcd021 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java @@ -19,6 +19,7 @@ import javax.xml.xpath.XPathFactory; import org.w3c.dom.Document; +import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -100,7 +101,7 @@ public static Document parseDocument(File xmlFile) { } /** - * The XML file is uploaded + * This method is used to write the DOM object to XML file. * @param xmlFile * @return */ @@ -116,5 +117,26 @@ public static void transformDocument(Document doc, File xmlFile) { throw new RuntimeException("Failed to update xml file. " + e.getMessage()); } } + + /** + * This method removes the element from the document. + * + * @param doc + * @param element + * Object of root element + * @param elementName + * The name of element to remove. + * @return + */ + public static Document removeElement(Document doc, Element element, String elementName){ + NodeList elementList = element.getElementsByTagName(elementName); + if (elementList.getLength() != 0) { + Element elementToRemove = (Element) doc.getElementsByTagName(elementName) + .item(0); + Node parent = elementToRemove.getParentNode(); + parent.removeChild(elementToRemove); + } + return doc; + } } diff --git a/teamengine-web/src/main/webapp/login.jsp b/teamengine-web/src/main/webapp/login.jsp index ac9352647..82a696083 100644 --- a/teamengine-web/src/main/webapp/login.jsp +++ b/teamengine-web/src/main/webapp/login.jsp @@ -33,13 +33,21 @@ if (request.getParameter("error") != null) { %> -

- Enter your username and password:
-
- Username:
- Password:
-
-

+

Enter your username and password:

+
" + " " + " " - + " " + " " + " " - + " " + + " " + " " + " " + " " + " " + " " - + " " + + " " + + " " + + " " + + " " + " " + " " - + " " + + " " + " " + "
" + + " " + " " + " " - + " " + + " " + " " + " " + " " + " " + " " - + " " + + " " + " " + " " + " " @@ -112,12 +136,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr + " " + "
Hey %s,Dear  " + username + ",
You recently requested to reset your password for your Teamengine account. Use below verfication code to reset your password.
Verification Code : %sVerification Code : " + vCode + "
If you did not request a password reset, please ignore this email or contact to CITE team.
" + "" - + "" - + username, EmailUtility.getRandomNumberString()); + + ""; if (emailList.getLength() > 0) { + updateUserDetails(doc, userDetails, vCode); EmailUtility.sendEmail(host, port, user, pass, emailList.item(0).getTextContent(), subject, message); - response.sendRedirect("resetPassword.jsp?success=true"); + response.sendRedirect("resetPassword.jsp?emailStatus=true"); } else { String url = "resetPassword.jsp?error=emailNotExists&username=" + username; @@ -128,4 +152,36 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr throw new ServletException(e); } } + /** + * Store verification code into the user.xml file to validate the code. + * @param doc + * @param userDetails + * @param verifyCode + */ + public void updateUserDetails(Document doc, Element userDetails, + String verifyCode) { + + NodeList vCodeList = userDetails.getElementsByTagName("verificationCode"); + if (vCodeList.getLength() != 0) { + Element element = (Element) doc.getElementsByTagName("verificationCode") + .item(0); + Node parent = element.getParentNode(); + parent.removeChild(element); + } + Element verificationCode = doc.createElement("verificationCode"); + verificationCode.setTextContent(verifyCode); + userDetails.appendChild(verificationCode); + try { + DOMSource source = new DOMSource(doc); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + StreamResult result = new StreamResult(new File(userDir, "user.xml")); + transformer.transform(source, result); + } catch (Exception e) { + throw new RuntimeException( + "Failed to update userdetails with the verification code " + + e.getMessage()); + } + } } From 7170c398a70a56a013f97c0c995005ac62f0d477 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Thu, 15 Nov 2018 21:14:21 +0530 Subject: [PATCH 04/12] Added upate password page and validated the verification code. --- .../occamlab/te/web/ResetPasswordHandler.java | 104 +++++++++++++----- .../java/com/occamlab/te/web/XMLUtils.java | 50 +++++++++ .../src/main/webapp/WEB-INF/web.xml | 12 +- teamengine-web/src/main/webapp/login.jsp | 7 ++ .../src/main/webapp/updatePassword.jsp | 104 ++++++++++++++++++ 5 files changed, 249 insertions(+), 28 deletions(-) create mode 100644 teamengine-web/src/main/webapp/updatePassword.jsp diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index 94e081812..1836e7392 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -17,19 +17,13 @@ Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.transform.OutputKeys; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; - import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import com.occamlab.te.realm.PasswordStorage; + import java.io.File; /** @@ -59,6 +53,20 @@ public void init() throws ServletException { } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException { + String servletPath = request.getServletPath(); + if("/resetPasswordHandler".equalsIgnoreCase(servletPath)) { + resetPassowrdHandler(request, response); + } else if("/updatePasswordHandler".equalsIgnoreCase(servletPath)) { + updatePassword(request, response); + } + } + + /** + * This method will send email to registered user along with the + * verification code and verification code will stored into + * user.xml file. + */ + public void resetPassowrdHandler(HttpServletRequest request, HttpServletResponse response) throws ServletException { try { String username = request.getParameter("username"); userDir = new File(conf.getUsersDir(), username); @@ -67,11 +75,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr response.sendRedirect(url); } else { File xmlfile = new File(userDir, "user.xml"); - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setNamespaceAware(true); - dbf.setExpandEntityReferences(false); - DocumentBuilder db = dbf.newDocumentBuilder(); - Document doc = db.parse(xmlfile); + Document doc = XMLUtils.parseDocument(xmlfile); Element userDetails = (Element) (doc.getElementsByTagName("user") .item(0)); NodeList emailList = userDetails.getElementsByTagName("email"); @@ -141,7 +145,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr if (emailList.getLength() > 0) { updateUserDetails(doc, userDetails, vCode); EmailUtility.sendEmail(host, port, user, pass, emailList.item(0).getTextContent(), subject, message); - response.sendRedirect("resetPassword.jsp?emailStatus=true"); + response.sendRedirect("updatePassword.jsp?emailStatus=true"); } else { String url = "resetPassword.jsp?error=emailNotExists&username=" + username; @@ -152,6 +156,65 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr throw new ServletException(e); } } + + /** + * This method will validate the verification code and update the new password if + * the code is valid. + * Otherwise it will throw error. + * @throws ServletException + */ + public void updatePassword(HttpServletRequest request, + HttpServletResponse response) throws ServletException { + try { + String vCode = request.getParameter("vCode"); + String username = request.getParameter("username"); + String password = request.getParameter("password"); + String hashedPassword = PasswordStorage.createHash(password); + + userDir = new File(conf.getUsersDir(), username); + if (!userDir.exists()) { + String url = "updatePassword.jsp?error=userNotExists&username=" + + username; + response.sendRedirect(url); + } else { + File xmlfile = new File(userDir, "user.xml"); + Document doc = XMLUtils.parseDocument(xmlfile); + Element userDetails = (Element) (doc.getElementsByTagName("user") + .item(0)); + + NodeList vCodeList = userDetails + .getElementsByTagName("verificationCode"); + String storedVerificationCode = null; + if (vCodeList.getLength() > 0) { + Element vCodeElement = (Element) doc.getElementsByTagName( + "verificationCode").item(0); + storedVerificationCode = vCodeElement.getTextContent(); + } + + if (storedVerificationCode.equalsIgnoreCase(vCode)) { + NodeList pwdList = userDetails.getElementsByTagName("password"); + if (pwdList.getLength() != 0) { + Element pwdElement = (Element) doc.getElementsByTagName("password") + .item(0); + Node parent = pwdElement.getParentNode(); + parent.removeChild(pwdElement); + } + Element pwdElement = doc.createElement("password"); + pwdElement.setTextContent(hashedPassword); + userDetails.appendChild(pwdElement); + XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); + String url = "login.jsp?success=pwd"; + response.sendRedirect(url); + } else { + String url = "updatePassword.jsp?error=invalidVcode&username=" + username + "&vCode=" + vCode; + response.sendRedirect(url); + } + } + } catch (Exception e) { + throw new ServletException(e); + } + } + /** * Store verification code into the user.xml file to validate the code. * @param doc @@ -171,17 +234,6 @@ public void updateUserDetails(Document doc, Element userDetails, Element verificationCode = doc.createElement("verificationCode"); verificationCode.setTextContent(verifyCode); userDetails.appendChild(verificationCode); - try { - DOMSource source = new DOMSource(doc); - TransformerFactory transformerFactory = TransformerFactory.newInstance(); - Transformer transformer = transformerFactory.newTransformer(); - transformer.setOutputProperty(OutputKeys.INDENT, "yes"); - StreamResult result = new StreamResult(new File(userDir, "user.xml")); - transformer.transform(source, result); - } catch (Exception e) { - throw new RuntimeException( - "Failed to update userdetails with the verification code " - + e.getMessage()); - } + XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); } } diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java index 4a2e9688d..f504cdade 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java @@ -3,6 +3,15 @@ */ package com.occamlab.te.web; +import java.io.File; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathExpression; @@ -66,5 +75,46 @@ public static NodeList getAllNodes(Document doc, String xPathExpression) { return null; } + + /** + * This method is used to parse xml document and will return + * document object. + * + * @param xmlFile + * Input should XML file with File object. + * @return doc + * Return document object. + */ + public static Document parseDocument(File xmlFile) { + try { + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + dbf.setExpandEntityReferences(false); + DocumentBuilder db = dbf.newDocumentBuilder(); + Document doc = db.parse(xmlFile); + return doc; + } catch (Exception e) { + throw new RuntimeException("Failed to parse xml file: " + xmlFile + + " Error: " + e.getMessage()); + } + } + + /** + * The XML file is uploaded + * @param xmlFile + * @return + */ + public static void transformDocument(Document doc, File xmlFile) { + try { + DOMSource source = new DOMSource(doc); + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + StreamResult result = new StreamResult(xmlFile); + transformer.transform(source, result); + } catch (Exception e) { + throw new RuntimeException("Failed to update xml file. " + e.getMessage()); + } + } } diff --git a/teamengine-web/src/main/webapp/WEB-INF/web.xml b/teamengine-web/src/main/webapp/WEB-INF/web.xml index 979691d1c..ed73365f4 100644 --- a/teamengine-web/src/main/webapp/WEB-INF/web.xml +++ b/teamengine-web/src/main/webapp/WEB-INF/web.xml @@ -23,12 +23,12 @@ user - keshav.nangare@gmail.com + demo@demo.com pass - keshavn@123 + demo123 test @@ -64,6 +64,10 @@ resetPasswordHandler com.occamlab.te.web.ResetPasswordHandler + + updatePasswordHandler + com.occamlab.te.web.ResetPasswordHandler + emailLog com.occamlab.te.web.EmailLogServlet @@ -127,6 +131,10 @@ resetPasswordHandler /resetPasswordHandler + + updatePasswordHandler + /updatePasswordHandler + logout /logout diff --git a/teamengine-web/src/main/webapp/login.jsp b/teamengine-web/src/main/webapp/login.jsp index 755bea939..ac9352647 100644 --- a/teamengine-web/src/main/webapp/login.jsp +++ b/teamengine-web/src/main/webapp/login.jsp @@ -25,6 +25,13 @@ if (request.getParameter("error") != null) { out.println("The username and/or password did not match. Please try again."); } %> +
+ <% + if ("pwd".equals(request.getParameter("success"))) { + out.println("Thank you! Your password is succesfully changed."); + } + %> +

Enter your username and password:
diff --git a/teamengine-web/src/main/webapp/updatePassword.jsp b/teamengine-web/src/main/webapp/updatePassword.jsp new file mode 100644 index 000000000..ab0c0a92b --- /dev/null +++ b/teamengine-web/src/main/webapp/updatePassword.jsp @@ -0,0 +1,104 @@ +<%@ page language="java" session="false"%> + +<% +String vCode = request.getParameter("vCode"); +String username = request.getParameter("username"); +%> + + + + +Reset Password + + + + <%@ include file="header.jsp"%> +

Reset Password

+
+ <% + if ("invalidVcode".equals(request.getParameter("error"))) { + out.println("The Verification code is invalid."); + } + %> +
+
+ <% + if ("true".equals(request.getParameter("emailStatus"))) { + out.println("Thank you! The verification code has been sent successfully to registered email."); + } + %> +
+ +

+ Enter all mandatory fields:

+ + + + + + + + + + + + + + + + + +
Verification code :" />
Username :" />
Password:
Repeat Password:
+
+
+

+
+ <%@ include file="footer.jsp"%> + + From c0f97c8739719d43802223d558fcc22906d1a781 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Mon, 19 Nov 2018 22:23:38 +0530 Subject: [PATCH 05/12] Updated some lables and page layouts. --- .../occamlab/te/web/ResetPasswordHandler.java | 54 +++++++++---------- .../java/com/occamlab/te/web/XMLUtils.java | 24 ++++++++- teamengine-web/src/main/webapp/login.jsp | 22 +++++--- .../src/main/webapp/resetPassword.jsp | 31 ++++++----- .../src/main/webapp/updatePassword.jsp | 8 +-- 5 files changed, 85 insertions(+), 54 deletions(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index 1836e7392..3ba010efc 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -1,15 +1,3 @@ -/**************************************************************************** - - The Original Code is TEAM Engine. - - The Initial Developer of the Original Code is Northrop Grumman Corporation - jointly with The National Technology Alliance. Portions created by - Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop - Grumman Corporation. All Rights Reserved. - - Contributor(s): No additional contributors to date - - ****************************************************************************/ package com.occamlab.te.web; import javax.servlet.ServletContext; @@ -32,14 +20,12 @@ Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop */ public class ResetPasswordHandler extends HttpServlet { - private static final long serialVersionUID = 7428127065308163495L; - Config conf; private String host; private String port; private String user; private String pass; - private String subject = "Reset your Teamengine password"; + private String subject = "Reset your TEAM Engine password"; private String message; File userDir; @@ -118,16 +104,19 @@ public void resetPassowrdHandler(HttpServletRequest request, HttpServletResponse + " 		Dear  " + username + ",
You recently requested to reset your password for your Teamengine account. Use below verfication code to reset your password.You recently requested to reset your password for your TEAM Engine account. Use below verfication code to reset your password.
Verification Code : " + vCode + "
If you did not request a password reset, please ignore this email or contact to CITE team.If you did not request a password reset, please ignore this email or contact the CITE team.
Follow this link to reset your password.
Regards,
CITE TEAM		Regards,
CITE team
" + "
+ + + + + + + + + + + + +
Username:
Password:
Forgot password?
If you don't have a username and password, please register. <%@ include file="footer.jsp" %> diff --git a/teamengine-web/src/main/webapp/resetPassword.jsp b/teamengine-web/src/main/webapp/resetPassword.jsp index e1c77adb7..453d42cd2 100644 --- a/teamengine-web/src/main/webapp/resetPassword.jsp +++ b/teamengine-web/src/main/webapp/resetPassword.jsp @@ -48,21 +48,20 @@ if ("userNotExists".equals(request.getParameter("error"))) { } %> -
-

- Enter registered username only
-
- - - - - -
Username :"/>
- - -
-

-
- <%@ include file="footer.jsp" %> +
+

Enter registered username only

+ + + + + + + + + +
Username :" />
+
+ <%@ include file="footer.jsp" %> diff --git a/teamengine-web/src/main/webapp/updatePassword.jsp b/teamengine-web/src/main/webapp/updatePassword.jsp index ab0c0a92b..919705c21 100644 --- a/teamengine-web/src/main/webapp/updatePassword.jsp +++ b/teamengine-web/src/main/webapp/updatePassword.jsp @@ -87,16 +87,18 @@ String username = request.getParameter("username"); value="<%=username == null ? "" : username%>" />
Password:New Password:
Repeat Password:
-
-

<%@ include file="footer.jsp"%> From 21e37d2c2451d729beff061c108c73b97a9be131 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Mon, 19 Nov 2018 22:25:46 +0530 Subject: [PATCH 06/12] Added change password functionality. --- .../te/web/ChangePasswordHandler.java | 75 ++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 9 ++ .../src/main/webapp/changePassword.jsp | 99 +++++++++++++++++++ teamengine-web/src/main/webapp/header.jsp | 2 +- 4 files changed, 184 insertions(+), 1 deletion(-) create mode 100644 teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java create mode 100644 teamengine-web/src/main/webapp/changePassword.jsp diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java new file mode 100644 index 000000000..837e8d391 --- /dev/null +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java @@ -0,0 +1,75 @@ +package com.occamlab.te.web; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import com.occamlab.te.realm.PasswordStorage; + +import java.io.File; + +/** + * Handles requests to change password. + * + */ +public class ChangePasswordHandler extends HttpServlet { + + Config conf; + + public void init() throws ServletException { + conf = new Config(); + } + + public void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException { + + try { + String oldPass = request.getParameter("oldPass"); + String username = request.getParameter("username"); + String password = request.getParameter("password"); + String hashedPassword = PasswordStorage.createHash(password); + + File userDir = new File(conf.getUsersDir(), username); + if (!userDir.exists()) { + String url = "changePassword.jsp?error=userNotExists&username=" + + username; + response.sendRedirect(url); + } else { + File xmlfile = new File(userDir, "user.xml"); + Document doc = XMLUtils.parseDocument(xmlfile); + Element userDetails = (Element) (doc.getElementsByTagName("user") + .item(0)); + + NodeList oldPwdList = userDetails + .getElementsByTagName("password"); + String storedOldPassword = null; + if (oldPwdList.getLength() > 0) { + Element oldePwdElement = (Element) oldPwdList.item(0); + storedOldPassword = oldePwdElement.getTextContent(); + } + Boolean isValid = PasswordStorage.verifyPassword(oldPass, storedOldPassword); + if (isValid) { + doc = XMLUtils.removeElement(doc, userDetails, "password"); + Element pwdElement = doc.createElement("password"); + pwdElement.setTextContent(hashedPassword); + userDetails.appendChild(pwdElement); + XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); + request.getSession().invalidate(); + response.sendRedirect(request.getContextPath()); + } else { + String url = "changePassword.jsp?error=invalidOldPwd"; + response.sendRedirect(url); + } + } + } catch (Exception e) { + throw new ServletException(e); + } + } +} diff --git a/teamengine-web/src/main/webapp/WEB-INF/web.xml b/teamengine-web/src/main/webapp/WEB-INF/web.xml index ed73365f4..58d99ec52 100644 --- a/teamengine-web/src/main/webapp/WEB-INF/web.xml +++ b/teamengine-web/src/main/webapp/WEB-INF/web.xml @@ -68,6 +68,10 @@ updatePasswordHandler com.occamlab.te.web.ResetPasswordHandler + + changePasswordHandler + com.occamlab.te.web.ChangePasswordHandler + emailLog com.occamlab.te.web.EmailLogServlet @@ -135,6 +139,10 @@ updatePasswordHandler /updatePasswordHandler + + changePasswordHandler + /changePasswordHandler + logout /logout @@ -168,6 +176,7 @@ /test.jsp /viewSessionLog.jsp /viewSessions.jsp + /changePassword.jsp /viewTest.jsp /viewTestLog.jsp /emailLog.jsp diff --git a/teamengine-web/src/main/webapp/changePassword.jsp b/teamengine-web/src/main/webapp/changePassword.jsp new file mode 100644 index 000000000..f9ccc8a31 --- /dev/null +++ b/teamengine-web/src/main/webapp/changePassword.jsp @@ -0,0 +1,99 @@ +<%@ page language="java" session="false"%> + +<% +String username = request.getRemoteUser(); +%> + + + + +Reset Password + + + + <%@ include file="header.jsp"%> +

Change Password

+
+ <% + if ("userNotExists".equals(request.getParameter("error"))) { + out.println("The \"" + username + "\" is not registered username. Please try with registered User."); + } else if ("invalidOldPwd".equals(request.getParameter("error"))) { + out.println("The Old password is not valid."); + } + %> +
+
+

+ Enter all mandatory fields:

+ + + + + + + + + + + + + + + + + + + + + +
Username :" readonly />
Old Password :
New Password:
Repeat Password:
+

+
+ <%@ include file="footer.jsp"%> + + diff --git a/teamengine-web/src/main/webapp/header.jsp b/teamengine-web/src/main/webapp/header.jsp index 9a3bf254a..3153b6467 100644 --- a/teamengine-web/src/main/webapp/header.jsp +++ b/teamengine-web/src/main/webapp/header.jsp @@ -15,7 +15,7 @@ if (user != null && user.length() > 0) { out.println("\t\t
"); out.println("\t\t\tUser: " + user + "
"); - out.println("\t\t\tLogout"); + out.println("\t\t\tLogout\t\t\t" + " | Change Password"); out.println("\t\t
"); } %> From ab9b91fe26c4d89a117e66632391d990f8e71867 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Tue, 20 Nov 2018 22:12:19 +0530 Subject: [PATCH 07/12] Updated fields and removed unused import. --- .../com/occamlab/te/web/ChangePasswordHandler.java | 8 +++----- teamengine-web/src/main/webapp/changePassword.jsp | 10 +++++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java index 837e8d391..1bbbea458 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java @@ -1,6 +1,5 @@ package com.occamlab.te.web; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -8,7 +7,6 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; -import org.w3c.dom.Node; import org.w3c.dom.NodeList; import com.occamlab.te.realm.PasswordStorage; @@ -33,8 +31,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) try { String oldPass = request.getParameter("oldPass"); String username = request.getParameter("username"); - String password = request.getParameter("password"); - String hashedPassword = PasswordStorage.createHash(password); + String newPassword = request.getParameter("newPassword"); File userDir = new File(conf.getUsersDir(), username); if (!userDir.exists()) { @@ -54,11 +51,12 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) Element oldePwdElement = (Element) oldPwdList.item(0); storedOldPassword = oldePwdElement.getTextContent(); } + Boolean isValid = PasswordStorage.verifyPassword(oldPass, storedOldPassword); if (isValid) { doc = XMLUtils.removeElement(doc, userDetails, "password"); Element pwdElement = doc.createElement("password"); - pwdElement.setTextContent(hashedPassword); + pwdElement.setTextContent(PasswordStorage.createHash(newPassword)); userDetails.appendChild(pwdElement); XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); request.getSession().invalidate(); diff --git a/teamengine-web/src/main/webapp/changePassword.jsp b/teamengine-web/src/main/webapp/changePassword.jsp index f9ccc8a31..233b24f90 100644 --- a/teamengine-web/src/main/webapp/changePassword.jsp +++ b/teamengine-web/src/main/webapp/changePassword.jsp @@ -31,13 +31,13 @@ String username = request.getRemoteUser(); showerror("Username must be at least 6 characters."); return; } - var password = form.elements["password"].value; - if (password.length == 0) { + var newPassword = form.elements["newPassword"].value; + if (newPassword.length == 0) { showerror("New Password is required."); return; } var repeat_password = form.elements["repeat_password"].value; - if (repeat_password != password) { + if (repeat_password != newPassword) { showerror("Passwords don't match."); return; } @@ -48,7 +48,7 @@ String username = request.getRemoteUser(); var form = document.forms["changePassword"]; form.elements["oldPass"].value = ""; form.elements["username"].value = ""; - form.elements["password"].value = ""; + form.elements["newPassword"].value = ""; form.elements["repeat_password"].value = ""; } @@ -81,7 +81,7 @@ String username = request.getRemoteUser(); New Password: - + Repeat Password: From b8815fbc3ae95127296e9993a9aa1aeb8f33fe20 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Fri, 23 Nov 2018 22:51:20 +0530 Subject: [PATCH 08/12] Fixed link issue in email. --- .../src/main/java/com/occamlab/te/web/ResetPasswordHandler.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index 3ba010efc..1f7fd8dcc 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -113,7 +113,7 @@ public void resetPassowrdHandler(HttpServletRequest request, HttpServletResponse + " If you did not request a password reset, please ignore this email or contact the CITE team." + " " + " " - + " Follow this link to reset your password." + + " Follow this link to reset your password." + " " + " " + " Regards,
CITE team" From 310ac85e635f4fd2483ff5c83d8519025873592a Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Wed, 28 Nov 2018 16:45:18 +0530 Subject: [PATCH 09/12] Reset principal if password is changed by user. --- .../com/occamlab/te/realm/PBKDF2Realm.java | 5 ++- .../te/realm/UserGenericPrincipal.java | 43 +++++++++++++++++++ .../te/web/ChangePasswordHandler.java | 6 +++ 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 teamengine-realm/src/main/java/com/occamlab/te/realm/UserGenericPrincipal.java diff --git a/teamengine-realm/src/main/java/com/occamlab/te/realm/PBKDF2Realm.java b/teamengine-realm/src/main/java/com/occamlab/te/realm/PBKDF2Realm.java index 18cf2d66c..2766175d9 100644 --- a/teamengine-realm/src/main/java/com/occamlab/te/realm/PBKDF2Realm.java +++ b/teamengine-realm/src/main/java/com/occamlab/te/realm/PBKDF2Realm.java @@ -20,8 +20,10 @@ import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; + import org.apache.catalina.Realm; import org.apache.catalina.realm.GenericPrincipal; import org.apache.catalina.realm.RealmBase; @@ -62,7 +64,7 @@ public class PBKDF2Realm extends RealmBase { private static final Logger LOGR = Logger.getLogger(PBKDF2Realm.class.getName()); private String rootPath = null; private DocumentBuilder DB = null; - private HashMap principals = new HashMap(); + private HashMap principals = UserGenericPrincipal.getInstance().getPrincipals(); public String getRoot() { return rootPath; @@ -223,4 +225,5 @@ GenericPrincipal createGenericPrincipal(String username, String password, List principals = new HashMap(); + + private static volatile UserGenericPrincipal userPrincipal = null; + + public static UserGenericPrincipal getInstance() { + + if (null == userPrincipal) { + synchronized (UserGenericPrincipal.class) { + // check again, because the thread might have been preempted + // just after the outer if was processed but before the + // synchronized statement was executed + if (userPrincipal == null) { + userPrincipal = new UserGenericPrincipal(); + } + } + } + return userPrincipal; + } + + public Principal removePrincipal(String username) { + + synchronized (principals) { + return (Principal) principals.remove(username); + } + + } + + public HashMap getPrincipals() { + return principals; + } + +} diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java index 1bbbea458..3d539ab34 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ChangePasswordHandler.java @@ -10,8 +10,10 @@ import org.w3c.dom.NodeList; import com.occamlab.te.realm.PasswordStorage; +import com.occamlab.te.realm.UserGenericPrincipal; import java.io.File; +import java.security.Principal; /** * Handles requests to change password. @@ -59,6 +61,10 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) pwdElement.setTextContent(PasswordStorage.createHash(newPassword)); userDetails.appendChild(pwdElement); XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); + Principal userPrincipal = UserGenericPrincipal.getInstance().removePrincipal(username); + if(userPrincipal == null){ + throw new RuntimeException("Failed update old credentials"); + } request.getSession().invalidate(); response.sendRedirect(request.getContextPath()); } else { From 27d88abb57ea39717a0a731d1d164c80278c7e06 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Wed, 28 Nov 2018 19:35:52 +0530 Subject: [PATCH 10/12] Moved the email properties to properties file. --- .../occamlab/te/web/ResetPasswordHandler.java | 50 ++++++++++++++++--- .../src/main/resources/email.properties | 4 ++ .../src/main/webapp/WEB-INF/web.xml | 19 ------- 3 files changed, 47 insertions(+), 26 deletions(-) create mode 100644 teamengine-web/src/main/resources/email.properties diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java index 1f7fd8dcc..307b88de5 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/ResetPasswordHandler.java @@ -1,10 +1,12 @@ package com.occamlab.te.web; -import javax.servlet.ServletContext; +import static java.util.logging.Level.SEVERE; + import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -13,6 +15,10 @@ import com.occamlab.te.realm.PasswordStorage; import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.util.Properties; +import java.util.logging.Logger; /** * Handles requests to register new users. @@ -20,6 +26,7 @@ */ public class ResetPasswordHandler extends HttpServlet { + private static final Logger LOGR = Logger.getLogger(ResetPasswordHandler.class.getName()); Config conf; private String host; private String port; @@ -31,11 +38,6 @@ public class ResetPasswordHandler extends HttpServlet { public void init() throws ServletException { conf = new Config(); - ServletContext context = getServletContext(); - host = context.getInitParameter("host"); - port = context.getInitParameter("port"); - user = context.getInitParameter("user"); - pass = context.getInitParameter("pass"); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException { @@ -60,6 +62,12 @@ public void resetPassowrdHandler(HttpServletRequest request, HttpServletResponse String url = "resetPassword.jsp?error=userNotExists&username=" + username; response.sendRedirect(url); } else { + Properties properties = new Properties(); + properties = getEmailProps(); + host = properties.getProperty("host"); + port = properties.getProperty("port"); + user = properties.getProperty("user"); + pass = properties.getProperty("pass"); File xmlfile = new File(userDir, "user.xml"); Document doc = XMLUtils.parseDocument(xmlfile); Element userDetails = (Element) (doc.getElementsByTagName("user") @@ -192,7 +200,7 @@ public void updatePassword(HttpServletRequest request, pwdElement.setTextContent(hashedPassword); userDetails.appendChild(pwdElement); XMLUtils.transformDocument(doc, new File(userDir, "user.xml")); - String url = "login.jsp?success=pwd"; + String url = "viewSessions.jsp?success=pwd"; response.sendRedirect(url); } else { String url = "updatePassword.jsp?error=invalidVcode&username=" + username + "&vCode=" + vCode; @@ -236,4 +244,32 @@ public static String getBaseUrl(HttpServletRequest request) { String baseUrl = scheme + "://" + host + ((("http".equals(scheme) && port == 80) || ("https".equals(scheme) && port == 443)) ? "" : ":" + port) + contextPath; return baseUrl; } + + public Properties getEmailProps() { + + Properties prop = new Properties(); + InputStream input = null; + + try { + + input = getClass().getResourceAsStream("/email.properties"); + if (input == null) { + LOGR.log(SEVERE, "Sorry, unable to find 'email.properties'"); + return prop; + } + prop.load(input); + + } catch (IOException ex) { + ex.printStackTrace(); + } finally { + if (input != null) { + try { + input.close(); + } catch (IOException e) { + e.printStackTrace(); + } + } + } + return prop; + } } diff --git a/teamengine-web/src/main/resources/email.properties b/teamengine-web/src/main/resources/email.properties new file mode 100644 index 000000000..cb2b23acd --- /dev/null +++ b/teamengine-web/src/main/resources/email.properties @@ -0,0 +1,4 @@ +host=smtp.gmail.com +port=587 +user=demo@demo.com +pass=demo123 \ No newline at end of file diff --git a/teamengine-web/src/main/webapp/WEB-INF/web.xml b/teamengine-web/src/main/webapp/WEB-INF/web.xml index 58d99ec52..d3ebd495d 100644 --- a/teamengine-web/src/main/webapp/WEB-INF/web.xml +++ b/teamengine-web/src/main/webapp/WEB-INF/web.xml @@ -11,25 +11,6 @@ appVersion ${project.version} - - host - smtp.gmail.com - - - - port - 587 - - - - user - demo@demo.com - - - - pass - demo123 - test com.occamlab.te.web.TestServlet From d5f78f5ff7368662c8195e7062fc186abeedeef5 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Fri, 30 Nov 2018 00:03:11 +0530 Subject: [PATCH 11/12] Added clear verification code filter. --- .../web/listeners/ClearVerificationCode.java | 56 +++++++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 8 +++ 2 files changed, 64 insertions(+) create mode 100644 teamengine-web/src/main/java/com/occamlab/te/web/listeners/ClearVerificationCode.java diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/listeners/ClearVerificationCode.java b/teamengine-web/src/main/java/com/occamlab/te/web/listeners/ClearVerificationCode.java new file mode 100644 index 000000000..232f91b59 --- /dev/null +++ b/teamengine-web/src/main/java/com/occamlab/te/web/listeners/ClearVerificationCode.java @@ -0,0 +1,56 @@ +package com.occamlab.te.web.listeners; + +import java.io.File; +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +import com.occamlab.te.web.Config; +import com.occamlab.te.web.XMLUtils; + +public class ClearVerificationCode implements Filter { + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + } + + @Override + public void doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException { + + HttpServletRequest req = (HttpServletRequest) request; + HttpServletResponse res = (HttpServletResponse) response; + String username = req.getRemoteUser(); + + if (username != null) { + + Config conf = new Config(); + File userDir = new File(conf.getUsersDir(), username); + if (userDir.exists()) { + String fileName = "user.xml"; + File xmlfile = new File(userDir, fileName); + Document doc = XMLUtils.parseDocument(xmlfile); + Element userDetails = (Element) (doc.getElementsByTagName("user") + .item(0)); + doc = XMLUtils.removeElement(doc, userDetails, "verificationCode"); + XMLUtils.transformDocument(doc, new File(userDir, fileName)); + } + } + chain.doFilter(request, response); + } + + @Override + public void destroy() { + } + +} diff --git a/teamengine-web/src/main/webapp/WEB-INF/web.xml b/teamengine-web/src/main/webapp/WEB-INF/web.xml index d3ebd495d..562377d24 100644 --- a/teamengine-web/src/main/webapp/WEB-INF/web.xml +++ b/teamengine-web/src/main/webapp/WEB-INF/web.xml @@ -11,6 +11,14 @@ appVersion ${project.version} + + clearVerificationCode + com.occamlab.te.web.listeners.ClearVerificationCode + + + clearVerificationCode + /viewSessions.jsp + test com.occamlab.te.web.TestServlet From f121dd514ff2f0072d0d36c048e62449c93c5b55 Mon Sep 17 00:00:00 2001 From: Keshav Nangare Date: Fri, 30 Nov 2018 18:41:49 +0530 Subject: [PATCH 12/12] Improved the XML transformation with the indentation. --- .../java/com/occamlab/te/web/XMLUtils.java | 27 ++++++++++++++----- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java index 155dcd021..3a0419c06 100644 --- a/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java +++ b/teamengine-web/src/main/java/com/occamlab/te/web/XMLUtils.java @@ -4,6 +4,7 @@ package com.occamlab.te.web; import java.io.File; +import java.io.FileOutputStream; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -18,10 +19,15 @@ import javax.xml.xpath.XPathExpressionException; import javax.xml.xpath.XPathFactory; +import org.apache.xerces.impl.Constants; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import org.w3c.dom.bootstrap.DOMImplementationRegistry; +import org.w3c.dom.ls.DOMImplementationLS; +import org.w3c.dom.ls.LSOutput; +import org.w3c.dom.ls.LSSerializer; /** * @author lbermudez @@ -107,14 +113,21 @@ public static Document parseDocument(File xmlFile) { */ public static void transformDocument(Document doc, File xmlFile) { try { - DOMSource source = new DOMSource(doc); - TransformerFactory transformerFactory = TransformerFactory.newInstance(); - Transformer transformer = transformerFactory.newTransformer(); - transformer.setOutputProperty(OutputKeys.INDENT, "yes"); - StreamResult result = new StreamResult(xmlFile); - transformer.transform(source, result); + DOMImplementationRegistry domRegistry = DOMImplementationRegistry.newInstance(); + DOMImplementationLS lsFactory = (DOMImplementationLS) domRegistry.getDOMImplementation("LS 3.0"); + + LSSerializer serializer = lsFactory.createLSSerializer(); + serializer.getDomConfig().setParameter(Constants.DOM_XMLDECL, Boolean.FALSE); + serializer.getDomConfig().setParameter(Constants.DOM_FORMAT_PRETTY_PRINT, Boolean.TRUE); + LSOutput output = lsFactory.createLSOutput(); + output.setEncoding("UTF-8"); + + FileOutputStream os = new FileOutputStream(xmlFile, false); + output.setByteStream(os); + serializer.write(doc, output); + os.close(); } catch (Exception e) { - throw new RuntimeException("Failed to update xml file. " + e.getMessage()); + throw new RuntimeException("Failed to update user details. " + e.getMessage()); } }